Техническая информация
Вредоносные функции:
Выполняет код следующих детектируемых угроз:
- Android.Triada.477.origin
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) api.b####.lie####.cn:80
- TCP(HTTP/1.1) api.sdk.f####.cn:80
- TCP(HTTP/1.1) ly-xiao####.oss-cn-####.aliy####.com:80
- TCP(HTTP/1.1) me####.t####.com.####.cn:80
- TCP(HTTP/1.1) api.v2.sdk.####.cn:80
- TCP(HTTP/1.1) oss-cn-####.aliy####.com:80
- TCP(HTTP/1.1) s####.y####.cn:80
- TCP(TLS/1.0) p####.ou####.com:4433
- TCP(TLS/1.0) av1.x####.com:443
- TCP(TLS/1.0) dualsta####.wagbr####.ali####.####.com:443
- TCP(TLS/1.0) et2-na6####.wagbr####.ali####.####.com:443
- TCP(TLS/1.0) h####.b####.com:443
- TCP(TLS/1.0) c####.x####.com:443
- TCP(TLS/1.0) i####.j####.com:443
- TCP(TLS/1.0) adt.x####.com:443
- TCP(TLS/1.0) 2####.119.215.106:443
- TCP(TLS/1.0) abc.abcdse####.com:8888
Запросы DNS:
- abc.abcdse####.com
- adt.x####.com
- api.b####.lie####.cn
- api.sdk.f####.cn
- api.v2.sdk.####.cn
- av1.x####.com
- c####.x####.com
- c####.x####.com
- h####.b####.com
- i####.j####.com
- j####.lie####.cn
- ly-xiao####.oss-cn-####.aliy####.com
- m.b####.lie####.cn
- me####.t####.com
- oss-cn-####.aliy####.com
- p####.ou####.com
- plb####.u####.com
- s####.y####.cn
- u####.u####.com
- u####.umengc####.com
Запросы HTTP GET:
- api.b####.lie####.cn/Api/start_pic/startpiclist
- api.b####.lie####.cn/Book/getListByIds?bookIds=####
- api.b####.lie####.cn/Book/homeBookNew?gender=####
- api.b####.lie####.cn/Book/homeFindNew
- api.b####.lie####.cn/Home/Book/getFindNewBookCircle?limit=####&page=####
- api.b####.lie####.cn/Service/getAppVersion?channelId=####&packageName=##...
- api.b####.lie####.cn/Service/reportDevice?factor=####&imei=####&imsi=###...
- api.b####.lie####.cn/User/getAdFreeConfig?token=####
- api.b####.lie####.cn/User/getInfo?token=####
- api.b####.lie####.cn/service/getAdConfig?channelId=####&device_type=####...
- api.b####.lie####.cn/user/syncUserBooksByAdmin?gender=####&token=####
- api.b####.lie####.cn/user_agreement.html
- api.sdk.f####.cn/v2/initUrl?appId=####
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/14669.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/15134.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/16988.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/17330.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/17720.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/17812.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/23742.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/23749.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/23922.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/23986.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover/25152.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover_1/153317.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover_1/153352.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/book_cover_1/153688.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/112138.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/112281.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/112282.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/112389.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/112390.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/114017.jpg
- ly-xiao####.oss-cn-####.aliy####.com/book/yumao/114138.jpg
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-07-15/c8...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-07-29/2f...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/20...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/27...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/4d...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/52...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/66...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/82...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/8b...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-03/cd...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-19/52...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/system_admin/2019-09-23/df...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/user_header_v/2e4315a4d0fa...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/user_header_v/7888a44e8395...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/user_header_v/b5e224be3a73...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/user_header_v/bae703fd22af...
- ly-xiao####.oss-cn-####.aliy####.com/xiaoshuo/user_header_v/e50e8d2732bb...
- me####.t####.com.####.cn/0/8/4/0/0840801a02776d226711ddd496e73591.jpg
- me####.t####.com.####.cn/2/e/4/4/2e442def9c29f03dfbf9ef7afe803cde.jpg
- me####.t####.com.####.cn/2014/07/07/b/0/3/3/b0334d488a4844ab94bf329b4c76...
- me####.t####.com.####.cn/2014/07/07/b/d/5/8/bd58a0a2a61a40c89a0098689776...
- me####.t####.com.####.cn/2014/12/31/1/e/8/0/1e801ae178e54f8c973af20247f6...
- me####.t####.com.####.cn/2015/04/01/d/9/0/0/d9004bf8737a40fea4b4c23d47ec...
- me####.t####.com.####.cn/2016/05/19/6/6/2/8/662875349bf040dab7eb5862c5ef...
- me####.t####.com.####.cn/2016/10/28/f/7/e/5/f7e53b7229bf436e88104f63d66d...
- me####.t####.com.####.cn/2016/11/10/c/e/8/d/ce8d4e14b702490db1deb6f4dcd9...
- me####.t####.com.####.cn/2017/04/13/d/2/8/3/d283f7a9da9148318209a0e81465...
- me####.t####.com.####.cn/2017/05/02/b/6/5/d/b65ddedbf5ce41d98e43d1557f69...
- me####.t####.com.####.cn/2018/04/08/9/5/9/9/95994dbcb69049e79bc84af52c7a...
- me####.t####.com.####.cn/2018/06/14/0/2/0/9/0209c5d66428479a93fe89b0c03e...
- me####.t####.com.####.cn/2019/03/29/12/22/f7bc863ba7794b81baecc76d84587a...
- me####.t####.com.####.cn/3/b/5/5/3b558167588a61914c0071b31cf4421b.jpg
- me####.t####.com.####.cn/6/5/8/d/658df329426152190bfc5e92f63c2ba0.jpg
- me####.t####.com.####.cn/7/7/2/6/7726e3ed586131df6e06ffc1ff6b016b.jpg
- me####.t####.com.####.cn/8/9/d/2/89d2c35e0a4dc208d7d575353d94c1c8.jpg
- me####.t####.com.####.cn/a/7/b/e/a7bed04a3e6e43729695c880e2e83995.jpg
- me####.t####.com.####.cn/a/f/1/f/af1f2ba2ffb946e791d9e0ee1bdf9801.jpg
- me####.t####.com.####.cn/b/c/8/6/bc861a1cc96045059646d9b0798eb93d.jpg
- me####.t####.com.####.cn/b/f/a/8/bfa89a01ea283c1cab9e98c92f0cd809.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd14c876060c.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd14c98d25d3.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd14ca254c4b.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd14de068502.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd14df6a02d9.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd1523901ccd.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd15252e7fce.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd1526a11e7f.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd1552937362.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd1553251a46.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd1553e7308c.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-07/5cd15574d6bcf.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-16/5cdd1e11d8e55.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-16/5cdd1e229f177.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-16/5cdd3f677d226.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-05-16/5cdd3f7a544c8.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-07-15/5d2c3935b51d3.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-07-16/5d2d33ef61ed6.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-07-16/5d2d34375560f.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-07-16/5d2d353b01914.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-07-30/5d404d1f35f30.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-06/5d493c0fd3a13.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-06/5d493c3a36bfb.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-06/5d493c7a81e8f.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-06/5d493c98f112b.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-12/5d50df4380901.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-13/5d5269d2891f2.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-21/5d5d3c7cf3952.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-21/5d5d3c8da6c76.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-08-26/5d6350b18b8a8.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-03/5d6e23ee62362.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-05/5d7128dccebf9.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-06/5d7220b467b34.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-09/5d7630fa2c67b.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-09/5d7631085aaa4.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-09/5d76311722db1.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-09/5d763125b14ff.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-16/5d7efe1f8203c.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-20/5d843e7e17175.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-21/5d85bff6c5201.jpg
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-21/5d85c01c2eaf0.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-21/5d85c03d394a5.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-21/5d85c0d2a26c2.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-23/5d88286a1e186.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-23/5d88288182fc7.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-23/5d8828a226f2c.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-23/5d88292188d18.png
- oss-cn-####.aliy####.com/ly-xiaoshuo/xiaoshuo/2019-09-24/5d89aed6e0b6d.png
- s####.y####.cn/Upload/cover/da/20160617164501.jpg
- s####.y####.cn/Upload/cover/da/20180125153204-107965.jpg
Запросы HTTP POST:
- api.b####.lie####.cn/ReportStaticts/startUp
- api.b####.lie####.cn/event/advertisement
- api.b####.lie####.cn/event/page
- api.v2.sdk.####.cn/v2/aiList
Изменения в файловой системе:
Создает следующие файлы:
- /data/data/####/.jg.ic
- /data/data/####/0b58e83ee0e892a7706d6f98cc290e316ccddd66322a6b4....0.tmp
- /data/data/####/0e1cb0ca451a489ddc34f89a9f419d72aafa477f6e75f3b....0.tmp
- /data/data/####/110723.jar
- /data/data/####/1332d62e947695ce6764203c990e6af7e2d170713338905....0.tmp
- /data/data/####/143346465a522ecf84c6b0869b117edf88c808992bc3c9a....0.tmp
- /data/data/####/1569418744908_2247
- /data/data/####/1569418745109_2247
- /data/data/####/1569418745284_2247
- /data/data/####/1569418745356_2247
- /data/data/####/1569418745374_2247
- /data/data/####/1569418745415_2247
- /data/data/####/1569418745729_2247
- /data/data/####/1569418745788_2247
- /data/data/####/1569418745816_2247
- /data/data/####/1569418745956_2247
- /data/data/####/1569418746475_2247
- /data/data/####/1569418748613_2247
- /data/data/####/1569418748856_2247
- /data/data/####/1569418749216_2247
- /data/data/####/1569418749747_2247
- /data/data/####/1569418751903_2247
- /data/data/####/1569418767152_2247
- /data/data/####/1569418767495_2247
- /data/data/####/1569418767564_2247
- /data/data/####/1569418768651_2247
- /data/data/####/1569418769032_2247
- /data/data/####/1569418769166_2247
- /data/data/####/1569418769231_2247
- /data/data/####/1569418769766_2247
- /data/data/####/1569418773825_2247
- /data/data/####/1569418773956_2247
- /data/data/####/1569418777604_2247
- /data/data/####/1569418777647_2247
- /data/data/####/1569418778163_2247
- /data/data/####/1569418778241_2247
- /data/data/####/1569418809718_2247
- /data/data/####/179b1e46920359283634234526d259035a04e60fa0d3a1d....0.tmp
- /data/data/####/1abad8c80238f76917c6e26609c8ce06011d9e6e3509bf0....0.tmp
- /data/data/####/1d1e79b5785c5eb7404d301284413785dc5d9e77639709e....0.tmp
- /data/data/####/1d8c6d63f28990dabdc1b5f8d24e3d4c771ea1f1fcfce13....0.tmp
- /data/data/####/2235e3e532d75a099baec8f004baa26acc8c4146b3da233....0.tmp
- /data/data/####/22c6a5654ec0b6d780514a16ecc39396af7ed359cb72a1b....0.tmp
- /data/data/####/24007bbaf6cb6f8ba3f24072ed6696779870f39cfeb1fed....0.tmp
- /data/data/####/2630d3870fd4f119f926dcacd6954da3bc291a876b74412....0.tmp
- /data/data/####/27d22f2138b2ca0272830794a3b1e6189057fd287cc1c1e....0.tmp
- /data/data/####/29c9a8d20530e963ad49f2ea5c10f0bd6a0a09351e7f70a....0.tmp
- /data/data/####/29e4fb94932189909efc8163d7001619d3ab233f2679201....0.tmp
- /data/data/####/2b4452f2a5a1a72e8979f52a2369a45171e887a8a588ba4....0.tmp
- /data/data/####/2c321714731eed36ea4d09966a79eb7124982d901b9d52e....0.tmp
- /data/data/####/2d90cc1a18e6ac864cf85c2d40bc8cea8cdbc6e5c606520....0.tmp
- /data/data/####/2dcaa711587b15ef5f1421767138ea7a12dcb695ffb08f3....0.tmp
- /data/data/####/2f0dae7555d9298929967842615822c1747a8add4185c17....0.tmp
- /data/data/####/2f6b12156e0cbd1219191d1e82e97e7faecef7b01b28e68....0.tmp
- /data/data/####/2ffbfe9fed76e5e2f173e4a0b1aa5b1f20378be6c38ad13....0.tmp
- /data/data/####/302c926ea71f9abb1e8dad69a7acc70a7ff447e482db78d....0.tmp
- /data/data/####/3773c52a24acc4dae8a93056e3affff991db878dcf0fbeb....0.tmp
- /data/data/####/3aab7548e1e4a54c14ca1cbd8d8b6d0a9126919ec3964eb....0.tmp
- /data/data/####/40bf1049be60cdd579b36cf8d5ffce39ea4d08864b66406....0.tmp
- /data/data/####/42263c31592a78b550310758c5e8fa384ad6f8b10a90c5f....0.tmp
- /data/data/####/450b4d1dacf272efaca9fc5f3c367146385cbc9ecae47af....0.tmp
- /data/data/####/45ade48d321f024c6ade6cff23958bced533040e002b30d....0.tmp
- /data/data/####/4c573272e3026ee523ef3a9e23800081f51b15e2331480f....0.tmp
- /data/data/####/4db4492c4f22b25090d62019d8336e1cd2b01a2bb48bd4a....0.tmp
- /data/data/####/4e93b3835f9ea50cda979b97302c3892c4f3fe1e6acf947....0.tmp
- /data/data/####/4ed4ccae9605fbd9a8ccd6a98c8770031a3d5d093512607....0.tmp
- /data/data/####/52e13671d4d7c01a1a9e117160864fb8d38b471c7912c4b....0.tmp
- /data/data/####/59dbce7a32f95789c0df93b14c13e418abc9e1e7fb53a24....0.tmp
- /data/data/####/5d47fb1057e0a1262e93e827bac0e17590d2edd3e1c2ac1....0.tmp
- /data/data/####/5d863a0b9ccadd5369ff55d89c058300a27902ef92973e7....0.tmp
- /data/data/####/5d87103163439068c892a98fb061a63955f38845d28808a....0.tmp
- /data/data/####/5f6e1855de6e20230cb52a49d210423102bf23e9e7edf32....0.tmp
- /data/data/####/63ef14702dc53f2be0d9767bd23ce03cd462ac6c2326fad....0.tmp
- /data/data/####/65490d4ba664a9b37afe48e2f0c706278d97c4679a347c6....0.tmp
- /data/data/####/6a1406bd7f88dc7c18c9556a0524dbba7d283abec697816....0.tmp
- /data/data/####/6beab62c0927071da5b6ce2d11c169f7883491e8f6e0980....0.tmp
- /data/data/####/6f1bae14e79ae087bd96ad6f5a343af247022260059be2c....0.tmp
- /data/data/####/7304f203283efc934e5c2beb9815682ee660b4b36a8c121....0.tmp
- /data/data/####/74e61abb2f903a0671e31eb6e101f0b96dc805c513e1239....0.tmp
- /data/data/####/750444f4d81262abd2fc1c918ebad5b6d228070ab41c973....0.tmp
- /data/data/####/76f5769fd931f61e421894c0af100190c42e7ac5a937309....0.tmp
- /data/data/####/7820bccc3713b88f74212e15daaf0a49e4e844557f42aa7....0.tmp
- /data/data/####/7a614c814dc5a4889180b18ab76d739c84249c4c144b143....0.tmp
- /data/data/####/7aca373b4f993e765ea14d6efc7b623ad4bc14800a76b5f....0.tmp
- /data/data/####/7f24a5fdf5083775e1aae18fcb483a71dc3a4f6c4f172fe....0.tmp
- /data/data/####/7fc78691da6760b9161dd7a7927d39b35a2f6d95f5d553a....0.tmp
- /data/data/####/7fd6d5b68a9e8b855f52904769a31876214910b66ef55c5...2975.0
- /data/data/####/80339d7269d54aa9569c72742ab0017df5b2992e530c395....0.tmp
- /data/data/####/85eef175644a880c97c93b218a0cdcad811ac42876a8682....0.tmp
- /data/data/####/87992c3acd196c8c9e016b00c5c4e07408d8536f623198a....0.tmp
- /data/data/####/87f003832ba66814267db7acb187b127d42d2b7dd83f7a0....0.tmp
- /data/data/####/88b208f8e9dab6a1d924a772de3491f5c721121e08bdcb1....0.tmp
- /data/data/####/8a1058ac62bc7dea60da53a54e93321a6f668dd90d21cae....0.tmp
- /data/data/####/8c8a2e2bb43d80ac05772a996c102f9bcdd45111f838575....0.tmp
- /data/data/####/910fdd28c70ecb59692161f5a9b93ebb50b0d98b4bfa534....0.tmp
- /data/data/####/92d9085f96103a60f077ccd74051a083728597a64ba2ccd....0.tmp
- /data/data/####/93959543abe5f89683980c2567419b890a796c4883df437....0.tmp
- /data/data/####/93a080925aad1d5eb49605b7e2910e984e7b2934dfe0365....0.tmp
- /data/data/####/941bf36d9313f42649e9b8cd15dffe12dabab3043a3597f....0.tmp
- /data/data/####/9617e3b293ec5be432f4d73fa89555f32aab2c6878bb331....0.tmp
- /data/data/####/9b59b3bb45a407555e07bbe8baefa5a434e94cc7c515442....0.tmp
- /data/data/####/9bbc2c79b00f32dd6ad483ef57b7ca52b09633848445499....0.tmp
- /data/data/####/9c1b411495ebcaf25fb5f99b8bfd56b25c31f76fa507402....0.tmp
- /data/data/####/9c200d788526ba89a7a97bd81d7f5ff9e65f05b8bd77732....0.tmp
- /data/data/####/9ca401fd0e56dc65b6d7ec85728995357635da514eda2a0....0.tmp
- /data/data/####/Archimedes_p1
- /data/data/####/Archimedes_p2
- /data/data/####/Archimedes_p3
- /data/data/####/Archimedes_p4
- /data/data/####/Archimedes_p5
- /data/data/####/LY_AD_KEY.xml
- /data/data/####/PreferanceUtil.xml
- /data/data/####/TDCloudSettingsConfig8B95F6FFB5124FA2A9AA840736F3E611.xml
- /data/data/####/TD_app_pefercen_profile.xml
- /data/data/####/TDpref_cloudcontrol1.xml
- /data/data/####/TDpref_cloudcontrol2.xml
- /data/data/####/TDpref_longtime.xml
- /data/data/####/TDpref_longtime0.xml
- /data/data/####/TDpref_longtime0.xml.bak
- /data/data/####/TDpref_longtime1.xml
- /data/data/####/TDpref_shorttime.xml
- /data/data/####/TDpref_shorttime0.xml
- /data/data/####/TDpref_shorttime1.xml
- /data/data/####/UM_PROBE_DATA.xml
- /data/data/####/__Baidu_Stat_SDK_SendRem.xml
- /data/data/####/__local_ap_info_cache.json
- /data/data/####/__local_last_session.json
- /data/data/####/__local_stat_cache.json
- /data/data/####/__send_data_1569418746008
- /data/data/####/a0b561931bf19bcc7b61b16b9c5c4e9459971ee449d05ee....0.tmp
- /data/data/####/a1bde279f1d5975ea846abe9bb0ef7845eadb36aaaeccce....0.tmp
- /data/data/####/a347b91c26fe9595032664269792238d91b0112aa419233....0.tmp
- /data/data/####/a47b2a05b28b108254113629b5f3feb2c5b0bc0ba1f1f5b....0.tmp
- /data/data/####/a4c61bab6bfee7974359784798e95bde2889152488e5663....0.tmp
- /data/data/####/a51d55d6ff4ba587f816d3624b5b8f45a3bec0349a73220....0.tmp
- /data/data/####/a9062a4b460da80b38658059bf34d276f1da80226803948....0.tmp
- /data/data/####/ab8660f21f8f077f3659e61e42210ff894c88b2b8961269....0.tmp
- /data/data/####/acd29d94d7d2978797f812b77d1caf8a033678515f5ee02....0.tmp
- /data/data/####/af5455188d1e91855a89fa158082cfacaaff34607aff0a7....0.tmp
- /data/data/####/b4a17bf12c5bc6238c440f4c1b487c4d908a7539ee48463....0.tmp
- /data/data/####/b52192f7ce986b1c9c6fd86063069d75f0310d978a0876c....0.tmp
- /data/data/####/b712b3330ac37157f9f4dab2abd57a21f4941d141f5747d....0.tmp
- /data/data/####/baidu_mtj_sdk_record.xml
- /data/data/####/bb2c192d136eab3fe55d80178f26cf4eaec51c83eaf5bcb....0.tmp
- /data/data/####/bf8f5f7bc379905d3f8b7d768fdb2b3e0dc2f5d0a118494....0.tmp
- /data/data/####/c0923f0e69bca2afd9c9fa70ee95a321277c43445c9f1f5....0.tmp
- /data/data/####/c22f00343745d23a5d9b7a04cf0c9820813f20bb52a3a7b....0.tmp
- /data/data/####/c6a2e89e39abc6d5d989cbd7e9b8b659595d585c9ae8de9....0.tmp
- /data/data/####/c739c52db622c2bf629844ef6fece26efa19435686b197c....0.tmp
- /data/data/####/c785264a33973d10f00be358e3e4ffd523c2872753dc8d5....0.tmp
- /data/data/####/c7f905a034f961ba515680f6e042cd48101f026fbaa2bb8....0.tmp
- /data/data/####/c8b268943eaf544ae23b9258ce43b2964d00ed0cfcb948b....0.tmp
- /data/data/####/cae2c38caaf77626376471361c0ce589c854f3d81e43d9b....0.tmp
- /data/data/####/cb0ba5a64057238fd427d75d206a86061f2727927109667....0.tmp
- /data/data/####/cn.lieying.app.readbook_preference.xml
- /data/data/####/com.aikesi.app.DEFAULT_PREF.xml
- /data/data/####/d0404171581757597149a71770e28aaa261c057f567374e....0.tmp
- /data/data/####/d2534214aaf31f039f331befdccefa2e649f422d6eb4e17...2e07.0
- /data/data/####/d2c654bb99dd6ea7a545d0db7a4b235e7ff4bf6c44ec145....0.tmp
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTY5NDE4NzQ0MDg0;
- /data/data/####/dW1weF9pbnRlcm5hbF8xNTY5NDE4NzQyNTAy;
- /data/data/####/dW1weF9zaGFyZV8xNTY5NDE4NzQ1ODkw;
- /data/data/####/dW1weF9zaGFyZV8xNTY5NDE4NzQ1OTgy;
- /data/data/####/data_0
- /data/data/####/data_1
- /data/data/####/data_2
- /data/data/####/data_3
- /data/data/####/db3c024e9720ba04ceaa73a0387bc277e6226c5ac2fa1d5....0.tmp
- /data/data/####/db6f2fb63e909afb8077c010e196f36781dd15e41aca2bf....0.tmp
- /data/data/####/db8b9d7afec3f2fbefb2e562916a9914a6ffe3b2a4d256c....0.tmp
- /data/data/####/dd2d9b0898e048ae9b5d8186cc54af31e5e96fc1950b201....0.tmp
- /data/data/####/dd2d9b0898e048ae9b5d8186cc54af31e5e96fc1950b201...b0e7.0
- /data/data/####/e0842450b8cd693dc39787e50c49152a99af3cc7e98ede0....0.tmp
- /data/data/####/e0fd22c5318a0da664795c03ffb1ee49492a1fb6e65f7e5....0.tmp
- /data/data/####/e53fd7b1e7d3031687832c9cc0670d66273e9902a198e99....0.tmp
- /data/data/####/e74eab11fe3b2f91b6c970ee2bbe0129df68bbccc743ad5....0.tmp
- /data/data/####/ea4e851f3785cb16ef310368114467fc5a1c60151791584....0.tmp
- /data/data/####/eac3da21ff36e3396e3cf51a955397102c72e2dbcaae45b....0.tmp
- /data/data/####/eb65ccc46f50f25bcf461c6f1914cff06d54420cae6f53e....0.tmp
- /data/data/####/ef625f0a9e36d1d058708442a7f2ba06afe46421984f591....0.tmp
- /data/data/####/exchangeIdentity.json
- /data/data/####/exid.dat
- /data/data/####/f7b83acdde9f4bacf7593cc7289b0f902174403a188fcc4....0.tmp
- /data/data/####/f928ff1903b4e30d31e2f96c1c3216c1de490eb74731885....0.tmp
- /data/data/####/ff3c2e1a8075de7f239e006034362f7f9fc7d533fc633e6....0.tmp
- /data/data/####/index
- /data/data/####/info.xml
- /data/data/####/init_urls.xml
- /data/data/####/iv
- /data/data/####/journal.tmp
- /data/data/####/libcuid.so
- /data/data/####/libjiagu133023732.so
- /data/data/####/multidex.version.xml
- /data/data/####/novel_page.db
- /data/data/####/novel_page.db-journal
- /data/data/####/salt
- /data/data/####/share.db-journal
- /data/data/####/tdid.xml
- /data/data/####/um_pri.xml
- /data/data/####/umeng_common_config.xml
- /data/data/####/umeng_general_config.xml
- /data/data/####/umeng_it.cache
- /data/data/####/umeng_socialize.xml
- /data/data/####/webview.db-journal
- /data/data/####/webviewCookiesChromium.db-journal
- /data/data/####/xiaoshuo.db-journal
- /data/media/####/.confd
- /data/media/####/.confd-journal
- /data/media/####/.cuid
- /data/media/####/.cuid2
- /data/media/####/.nomedia
- /data/media/####/.timestamp
- /data/media/####/1f8b5f544ecbd7768735c7c53ed211db.xml
- /data/media/####/channel-ly.txt
Другие:
Запускает следующие shell-скрипты:
- /system/bin/cat /proc/cpuinfo
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq
- /system/bin/cat /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_min_freq
- getprop
- getprop ro.build.display.id
- getprop ro.build.version.emui
- getprop ro.build.version.opporom
- getprop ro.miui.ui.version.name
- getprop ro.smartisan.version
- getprop ro.vivo.os.version
- ls /
- ls /sys/class/thermal
Загружает динамические библиотеки:
- crash_analysis
- libjiagu133023732
Использует следующие алгоритмы для шифрования данных:
- AES
- AES-CBC-PKCS5Padding
- AES-ECB-PKCS5Padding
- Des-ECB-NoPadding
- RC4-ECB-NoPadding
- RSA-ECB-PKCS1Padding
Использует следующие алгоритмы для расшифровки данных:
- AES
- Des-ECB-NoPadding
Осуществляет доступ к приватному интерфейсу ITelephony.
Использует специальную библиотеку для скрытия исполняемого байт-кода.
Получает информацию о местоположении.
Получает информацию о сети.
Получает информацию о телефоне (номер, IMEI и т. д.).
Получает информацию об установленных приложениях.
Получает информацию о запущенных приложениях.
Отрисовывает собственные окна поверх других приложений.
